MySQL security, add 23 security doors for easy use!

Source: Internet
Author: User
We all know that MySQL security is very important. We must pay attention to the use of MySQL security. The following are 23 things worth our attention when prompted by the MySQL database. If you are a crazy MySQL database, you can browse the following articles. 1. If the connection between the client and the server needs to be crossed and passed through untrusted

We all know that MySQL security is very important. We must pay attention to the use of MySQL security. The following are 23 things worth our attention when prompted by the MySQL database. If you are a crazy MySQL database, you can browse the following articles. 1. If the connection between the client and the server needs to be crossed and passed through untrusted

We all know that MySQL security is very important. We must pay attention to the use of MySQL security. The following are 23 things worth our attention when prompted by the MySQL database. If you are a crazy MySQL database, you can browse the following articles.

1. If the connection between the client and the server needs to span and pass through an untrusted network, you need to use an SSH tunnel to encrypt the communication of the connection.

2. use the set password statement to modify the user's password. In three steps, log on to the database system by "MySQL (the best combination with PHP)-u root, then, "MySQL (the best combination with PHP)> update MySQL (the best combination with PHP ). user set password = password ('newpwd') ", and then execute" flush privileges.

3. Attacks that need to be prevented include eavesdropping, tampering, playback, and denial of service. They do not involve availability or fault tolerance. Use the ACL-Based Access Control List-based MySQL security measures for all connections, queries, and other operations. There are also some support for SSL connections.

4. No other user except the root user is allowed to access the user table in the MySQL (best combination with PHP) primary database;

Once the encrypted user password stored in the user table is disclosed, other users can use the user name/password-related database at will;

5. Use the grant and revoke statements for user access control;

6. Do not use the plaintext password, but use md5 () and sha1 () to set the password;

7. Do not use words in the dictionary as the password;

8. Use a firewall to remove 50% of external risks, so that the database system can work behind the firewall or be placed in the DMZ area;

9. you can use nmap to scan port 3306 over the Internet. You can also use telnet server_host 3306 to test the function. You cannot access port 3306 of the database server from a untrusted network, therefore, you need to configure the firewall or vro;

10. to prevent malicious input of illegal parameters, for example, where ID = 234, others enter where ID = 234 OR 1 = 1 to display all of them, therefore, use ''or" "In web forms to use strings. Add % 22 to dynamic URLs to indicate double quotation marks, % 23 to indicate the well number, and % 27 to indicate single quotation marks; passing unchecked values to the MySQL (the best combination with PHP) database is very dangerous;

11. Check the size when passing data to MySQL (the best combination with PHP;

12. The general user account should be used for connecting applications to the database, and only a few necessary permissions should be granted to the user;

13. Use the specific 'escape characters' function in each programming interface (C ++ PHP Perl Java JDBC, etc;

When using MySQL (the best combination with PHP) databases over the internet, we must use less plaintext data for transmission, and use SSL and SSH encryption for data transmission;

14. Learn to use tcpdump and strings tools to view the MySQL security of data transmission, such as tcpdump-l-I eth0-w-src or dst port 3306 | strings. Start MySQL (the best combination of PHP and MySQL) database services as common users;

15. Do not use the joined symbol of the table. The selected parameter is skip-symbolic-links;

16. Make sure that only the user who starts the Database Service can have the read and write permissions on the file in the MySQL (best combination with PHP) Directory;

17. you are not allowed to grant the process or super permissions to non-administrator users. This MySQL (best combination with PHP) admin processlist can list the currently executed query text; the super permission can be used to disconnect the client, change the running parameter status of the server, and control the server that copies and copies the database;

18. The file permission is not paid to users other than the administrator, preventing the problem of loading data '/etc/passwd' to the table and then displaying it with select;

19. If you do not trust the services of the DNS service company, you can set only the IP address in the Host Name table;

20. Use the max_user_connections variable to make MySQL (the best combination with PHP) d service process and limit the number of connections for a specified account;

21. The grant statement also supports resource control options;

22. start MySQL (the best combination with PHP) d service process MySQL Security Option Switch, -- local-infile = 0 or 1 if it is 0, the client program will not be able to use local load data, an example of granting permissions is grant insert (user) on MySQL (the best combination with PHP ). user to 'user _ name' @ 'host _ name ';

If you use the -- skip-grant-tables system, no access control is required for any user's access, but MySQL (the best combination with PHP) can be used) admin flush-privileges or MySQL (the best combination with PHP) admin reload to enable access control. By default, the show databases statement is open to all users, you can use -- skip-show-databases to disable it.

23. when an Error occurs in Error 1045 (28000) Access Denied for user 'root' @ 'localhost' (Using password: NO), you need to reset the password: start MySQL (the best combination with PHP) d with the -- skip-grant-tables parameter, and then execute MySQL (the best combination with PHP) -u root MySQL (the best combination with PHP ).

MySQL (the best combination with PHP)> update user set password = password ('newpassword') where user = 'root'; MySQL (the best combination with PHP)> flush privileges; and then restart MySQL (the best combination with PHP.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.